Technical Field
This disclosure relates generally to securing resources in a distributed computing environment, such as a transaction processing environment.
Background of the Related Art
Security systems associated with complex, multi-component computing environments are designed to permit selective and controlled access by active entities (such as users) to static entities (such as data sources).
A representative multi-component system of this type, wherein components work together cooperatively to form a larger system, is the IBM® HyperText Transfer Protocol (HTTP) and Web Services processing environment, which may be implemented using IBM mainframe computers, such as the IBM z196 family of computing machines. This environment typically includes IBM's WebSphere® Application Server (WAS) middleware platform software product, working in conjunction with one or more transaction processing products, such as IBM Customer Information Control System (CICS®) and/or IBM Information Management System (IMS), a message processing product, such as IBM WebSphere MQ, and a relational database, such as the IBM DB2® database. An objective of a multi-component environment is to provide a high-performance transaction processing computing system or environment accessible to client end-users via Internet browsers using HTTP or other Web Services. In this environment, the client end-user making the HTTP or Web Services request communicates directly with the application server. Typically, to fulfill the transaction request from the distributed client end-user, the application server invokes the services of one or more other components in the environment. One or more of these components typically execute on an operating system, such as the IBM z/OS® operating system, which is often referred to as a “mainframe” operating system platform.
In such an environment, the transaction processing, messaging, and database components typically execute within a mainframe computer that includes a framework for managing security within the environment. The framework includes a security server. In a representative z/OS implementation, the security framework is provided by z/OS Security Server, which includes the IBM Resource Access Control Facility (RACF®) as its security engine. RACF allows an administrator to set rules for controlling access to resources by defining what is protected at what level and determining who can access protected resources. In a typical mainframe operating environment (e.g., z/OS), RACF is used to identify and verify users' authority to access data and to use system facilities.
The above-described products and technologies expose interfaces that can be used by permitted entities, such as administrators, to monitor and manage resources that are being protected by the system. These approaches, however, typically vest control in a central security administrator.
It would be desirable to provide a technique by which an owner of a data source on a computing system of this type could protect that data source without requiring active involvement by a central security administrator to monitor and report on activities associated with the data source. This disclosure addresses this need.